A cookie is a small file containing text and numbers generated by a website and can be stored and accessed via your web browser back to our website when you revisit the site.
Our website makes use of 'cookies' (ones which are stored on your hard drive and typically expire after a set amount of time) and a number of 'session cookies' (these automatically vanish when you close your browser) to provide required functionality such as the ability to log-in to your account, to use our booking system.
These cookies are non-intrusive ie. they don't store any of your personal information and are not used for tracking purposes. Blocking these cookies will remove significant functionality from our website and will stop you from creating or logging into an account on our website and from booking online with us.
Should you wish to, you can execute complete control over how your web browser deals with cookies including deleting them and blocking them. You should refer to your web browser's settings and help for further information about this.
Under data protection law, individuals have a right to be informed about how iCT4 Limited uses any personal data that we hold about them. We comply with this right by providing ‘Privacy Notices’ (sometimes called ‘Fair Processing Notices’) to individuals where we are processing their personal data.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
This Privacy Notice explains how we, iCT4 Limited, collect, store and use personal data from our clients.
We, iCT4 Limited with registered address at C/O Bishop Fleming, Chy Nyverow, Newham Road, Truro, TR1 2DP are the ‘Data Controller’ for the purposes of data protection law.
Our Data Protection Representative (DPR) (see ‘Contact us’ below) is responsible for ensuring that this notice is made available to data subjects prior to iCT4 Limited collecting / processing their personal data. All employees of iCT4 Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
Personal data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to:
We do not collect, store or use information about you that falls into "special categories" of more sensitive personal data. These types of information include (where applicable), race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, including any medical conditions, sickness records, criminal records or offences.
The purpose of processing this data is to help us run iCT4 Limited and to provide an outstanding service to our customers, we will only use personal data when the law allows. The below schedule sets out the nature, type, category and description of the purpose of the processing.
|Purpose||Description and types of client data||Lawful basis of processing|
|Financial – invoicing, statements, remittance||Contractual and legitimate interests|
|Emailing marketing material such as promotions and services that may be of interest||Consent, contractual and legitimate interests to develop services and customers. To ensure compliance all mailings will have a clear and easy to operate opt out message / function.|
|Delivery of an order / service||Contractual and legitimate interests|
|Emailing service messages / alerts / updates to ensure customers are kept up to date with service updates such as system upgrades||Contractual and legitimate interests|
|Contract creation||Contractual and legitimate interests|
|Changes to terms and conditions / policies||Legal obligations and contractual|
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where we need to:
Less commonly, we may also use personal information about you where:
Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent and explain how you go about withdrawing consent if you wish to do so.
Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify iCT4 Limited’s use of your data.
We collect personal information via phone, post, email and in person. Types of interactions that would gather information includes but not limited to:
We take data security very seriously to ensure your personal data is not lost, used, disclosed, accessed or altered in any unauthorised way. To enable us to provide this security we have implemented the below security measures:
We have implemented procedures to deal with actual or suspected data breach and will notify you and the ICO where we are legally required to do so.
We will only keep your personal data for as long as necessary to fulfil contractual, legal and financial obligations along with maintaining your data for services that you have opted to receive such as marketing. We maintain an internal data retention schedule which all staff adhere to.
We may share your personal data with third-party service providers contracted to iCT4 Limited in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they are contracted for. When they no longer need your data to fulfil this service, they will dispose of the details in line with GDPR procedures.
Third parties that we may share your personal data with include prospective companies that we may merge, transfer or sell our company, if this were to happen the data obtained would still be used as set out in this document. Other third parties would include suppliers to allow us to fulfil orders and contracts. The shared data is only permitted to be used for the purposes originally instructed to the third party, the third party is not permitted to use this data for their own purposes.
Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about you with:
We will not transfer personal data to a country or territory outside the European Economic Area unless the prior written consent of the client has been obtained and we will do so in accordance with data protection law.
How to access personal information we hold about you
Individuals have a right to make a ‘subject access request’ to gain access to personal information that iCT4 Limited holds about them. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
|Right of access||You have the right to request a copy of the information that we hold about you.|
|Right of rectification||You have a right to correct data that we hold about you that is inaccurate or incomplete.|
|Right to be forgotten||In certain circumstances you can ask for the data we hold about you to be erased from our records.|
|Right to restriction of processing||Where certain conditions apply to have a right to restrict the processing.|
|Right of portability||You have the right to have the data we hold about you transferred to another organisation.|
|Right to object||You have the right to object to certain types of processing such as direct marketing.|
|Right to object to automated processing, including profiling||You also have the right to be subject to the legal effects of automated processing or profiling.|
|Right to judicial review||In the event that iCT4 Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.|
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. If you would like to make a request, please contact our DPR. You will be required to provide identification acceptable ID includes passport, driving license, birth certificate or utility bill (dated within last 3 months).
You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact our data protection Representative. Alternatively, you can make a complaint to the Information Commissioner’s Office:
Cornwall TR15 3PT